[Twisted-web] Converting endpoints.serverFromString to TLS_v3
Tom Most
twm at freecog.net
Sat Mar 28 17:47:57 MDT 2020
Hi Axel,
I don't know offhand how to produce a string that does what you want, but it will probably be much easier to instantiate the endpoint classes directly.
https://twistedmatrix.com/documents/current/api/twisted.internet.endpoints.SSL4ServerEndpoint.html
I think we're missing an SSL6ServerEndpoint, unfortunately.
Also unfortunately, SSL4ServerEndpoint is an old-style API (it uses reactor.listenSSL underneath). It takes an IOpenSSLContextFactory that can customize the OpenSSL context arbitrarily.
The new API, used by the ssl: client string syntax, is wrapClientTLS <https://twistedmatrix.com/documents/current/api/twisted.internet.endpoints.html#wrapClientTLS>. We don't have a wrapServerTLS yet, but it's definitely something we should have, if you're interested in adding it. You'd wrap that around TCP4ServerEndpoint and TCP6ServerEndpoint.
---Tom
On Thu, Mar 26, 2020, at 12:24 PM, Axel Rau wrote:
> Hi,
>
> how can I convert the plugin code below to a recent security level: TLSv3, dhparams and extraCertChain?
> Is OCSP stapling available in Twisted meanwhile?
>
> Thanks, Axel
>
> def makeService(self, options):
>     """
>     makeService() returns an IService.
>     twisted.internet.application.MultiService[1] is an IService that
>     composes other services (it's an IServiceCollection).
>     """
>     ipv4_server = endpoints.serverFromString(
>         reactor, 'ssl:{}:privateKey={}:certKey={}:interface={}'.format(
>             options['port'],
>             endpoints.quoteStringArgument(options['cert_path']),
>             endpoints.quoteStringArgument(options['key_path']),
>             options['ipv4_address']))
>
>     ipv6_server = endpoints.serverFromString(
>         reactor, 'ssl:{}:privateKey={}:certKey={}:interface={}'.format(
>             options['port'],
>             endpoints.quoteStringArgument(options['cert_path']),
>             endpoints.quoteStringArgument(options['key_path']),
>             endpoints.quoteStringArgument(options['ipv6_address'])))
>
>     ipv4 = internet.StreamServerEndpointService(ipv4_server, meteo_factory)
>     ipv6 = internet.StreamServerEndpointService(ipv6_server, meteo_factory)
>     root = MultiService()
>     ipv4.setServiceParent(root)
>     ipv6.setServiceParent(root)
>     return root
>
> serviceMaker = MeteoServiceMaker()
>
> ---
> PGP-Key: CDE74120 ☀ computing @ chaos claudius